Skip to content

Commit

Permalink
Try signing using GPG instead
Browse files Browse the repository at this point in the history
  • Loading branch information
@thebeanogamer
thebeanogamer committed Oct 9, 2024
1 parent 0085c42 commit a6e7d3f
Showing 1 changed file with 3 additions and 13 deletions.
16 changes: 3 additions & 13 deletions .github/workflows/release.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,16 +34,6 @@ jobs:
arguments: publish
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Write out Cosign Private Key for JReleaser
run: echo "$COSIGN_PRIVATE_KEY" > cosign.pem
env:
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
- name: Print the Cosign Public Key to Confirm We Can
run: cosign public-key --key "cosign.pem"
env:
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
- name: Validate that the public key exists
run: test -f "${{ github.workspace }}/cosign.pub"
- name: Publish package to Maven Central
uses: gradle/[email protected]
with:
Expand All @@ -52,9 +42,9 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
JRELEASER_MAVENCENTRAL_USERNAME: ${{ secrets.JRELEASER_MAVENCENTRAL_USERNAME }}
JRELEASER_MAVENCENTRAL_TOKEN: ${{ secrets.JRELEASER_MAVENCENTRAL_TOKEN }}
JRELEASER_COSIGN_PUBLIC_KEY: "${{ github.workspace }}/cosign.pub"
JRELEASER_COSIGN_PRIVATE_KEY: "${{ github.workspace }}/cosign.pem"
JRELEASER_COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
JRELEASER_GPG_SECRET_KEY: "${{ secrets.JRELEASER_GPG_SECRET_KEY }}"
JRELEASER_GPG_PUBLIC_KEY: "${{ secrets.JRELEASER_GPG_PUBLIC_KEY }}"
JRELEASER_GPG_PASSPHRASE: "${{ secrets.JRELEASER_GPG_PASSPHRASE }}"
JRELEASER_GITHUB_TOKEN: ${{ github.token }}
- name: Add Artifact to GitHub Release
uses: softprops/action-gh-release@v1
Expand Down

0 comments on commit a6e7d3f

Please sign in to comment.